Virus nightmare

Geordie Jester

Well-known Member
Can anyone help with this virus problem.

I have adaware detecting Win32TrojanAgent and Win32TrojanTDSS. and AVG (fully updated) detecting the Cryptor virus.

Both say they have cleaned them off (AdAware needing a reboot to do it's stuff), but each time I restart Windows, the system is getting re-infected

It's reaaaallly starting to ****** me off as it takes 2 hrs for a full virus scan.

clearly the virus is not getting totally removed and its finding a way to reinstall itself afterwards.

Tried to install Malwarebytes Anti-malware as it seems to be mentioned by a few people, but it's not installing properly (maybe the virii are blocking it).

The only symptom is that Firefox search results are just clicking thru to random, dodgy websites. IE seems fine, and is actually the default browser.

Windows Update aint working too......just hangs at the page that is supposed to be checking for what is installed already. This seems odd and is maybe the payload again


ARGGGHHHHH ! ! Wasted two days trying to get it clean :(

any ideas folks ?
 

Curly99

Distinguished Member
first turn of system restore, this will delete all restore points (they may contain the trojan/virus) download and run Hijack_this there is a link to a guide and where to post the resulting log file or you could do a google search for a Hijack This analyser that should point you in the right direction.

Curly
 

Lampshader

Active Member
if it's that bad then just back up your data and format the drive and start again to make sure, then on the plus side it will take out all the crap that accumulates in a system over time
 

Batch

Well-known Member
Take alook at ComboFix
 

EarthRod

Distinguished Member
Hi

Er...no. The problem has been spotted and logged with the AV already used.

The issue now is to clear the problem. I recommend, as Lampshader suggests, a backup of personal data, reformat drive, then a clean re-install of the OS.

Alan
 

SteveU30

Distinguished Member
Before you do though, try Spybot S&D from here, it's pretty good at getting rid of stuff that others can't!

Steve
 

Geordie Jester

Well-known Member
I hear what you are saying Alan, but it would be a complete chew to do a complete reinstall....for many reasons.

Steve I will give that a whirl.

it's definately

WIN32TROJANAGENT
and
WIN32TROJANTDSS

that are causing the grief if anyone has any specific fixes
 
Last edited:

Geordie Jester

Well-known Member
Hi there,

Just a follow-up on my virus issue. Narrowed it down to the rootkit.win32.tdss.a trojan. AVG just kept saying it had cleaned it off...and it hadn't

Bought Kaspersky Internet Security 2009 and installed it. Had a few scary moments just after install where datafiles got corrupt, the virus trying to block the install. Anyways....got it installed and then did full scan. found virus and said it needed to reboot. On restart the virus got reapplied....and so on...in a loop.

Went on the forum and saw quite a few mentions of this virus. A very helpful Romanian gave me some pointers. I needed to give him a statusfile from the virus checker. then he gave me a specially tweaked script to run.

Then I had to run ComboFix (good call Batch), and post the log back to him. He then got me to run Kaspersky again and everything was clean and sorted.

Very impressed so far with KIS2009 if anyone needs a protection s/w. 19.99 for 3 licences. on special at the mo.

P
 

Geordie Jester

Well-known Member
oh...one other trick.... if you try combofix (or others)......rename the install exe to something like 1234.exe and run that. When I tried combofix.exe it didnt even install. it was getting spotted by the sneaky virus and blocked
 

The latest video from AVForums

65-inch LG C1 Review coming soon to AVForums
Subscribe to our YouTube channel
Support AVForums with Patreon

Top Bottom